Re: Opening a pipe when taint mode is enabled

2009-01-13 Thread Adam Jimerson
Gunnar Hjalmarsson wrote: >> >> How would I allow for spaces but not newlines > > By including a space in the regex, just as Mike showed you in another > reply. > http://www.nntp.perl.org/group/perl.beginners.cgi/2009/01/msg13364.html > Oh my USENET client didn't have the space in his reply.

Re: Opening a pipe when taint mode is enabled

2009-01-12 Thread Gunnar Hjalmarsson
Adam Jimerson wrote: Gunnar Hjalmarsson wrote: Adam Jimerson wrote: Yea I looked it up and all I needed to do was add \s for whitespaces, Which would also allow for newlines. That sounds dangerous to me, and is an example why it's not a good idea to write your own code, that allows the worl

Re: Opening a pipe when taint mode is enabled

2009-01-12 Thread Adam Jimerson
Gunnar Hjalmarsson wrote: > Adam Jimerson wrote: >> On Jan 11, 8:21 am, nore...@gunnar.cc (Gunnar Hjalmarsson) wrote: >>> Adam Jimerson wrote: It seems I overlooked the space, is it possible to include spaces in the search string? >>> >>> Of course it is. What you call search string is

Re: Opening a pipe when taint mode is enabled

2009-01-11 Thread Gunnar Hjalmarsson
Adam Jimerson wrote: On Jan 11, 8:21 am, nore...@gunnar.cc (Gunnar Hjalmarsson) wrote: Adam Jimerson wrote: It seems I overlooked the space, is it possible to include spaces in the search string? Of course it is. What you call search string is a regular expression. Obviously you have some r

Re: Opening a pipe when taint mode is enabled

2009-01-11 Thread Adam Jimerson
On Jan 11, 8:21 am, nore...@gunnar.cc (Gunnar Hjalmarsson) wrote: > Adam Jimerson wrote: > > Gunnar Hjalmarsson wrote: > >> You don't say what to do if the untainting fails. This code: > > >> if ($name =~ /^([...@\w.]+)$/) { > >> $name = $1; > >> }; > > >> should better be: > > >> if ($name =~ /^([

Re: Opening a pipe when taint mode is enabled

2009-01-11 Thread Gunnar Hjalmarsson
Adam Jimerson wrote: Gunnar Hjalmarsson wrote: You don't say what to do if the untainting fails. This code: if ($name =~ /^([...@\w.]+)$/) { $name = $1; }; should better be: if ($name =~ /^([...@\w.]+)$/) { $name = $1; } else { die "Untainting of the name failed"; } Please consider, for inst

Re: Opening a pipe when taint mode is enabled

2009-01-11 Thread Adam Jimerson
Gunnar Hjalmarsson wrote: > Adam Jimerson wrote: >> I attached my code for my program, > > You don't say what to do if the untainting fails. This code: > > if ($name =~ /^([...@\w.]+)$/) { > $name = $1; > }; > > should better be: > > if ($name =~ /^([...@\w.]+)$/) { > $name = $1; > } else { >

Re: Opening a pipe when taint mode is enabled (was: Send email using SMTP)

2009-01-10 Thread Mike Williams
On Fri, Jan 9, 2009 at 6:30 PM, Adam Jimerson wrote: > Gunnar Hjalmarsson wrote: > > > Adam Jimerson wrote: > >> > >> According to perlsec I need to use it as a key in a hash or reference a > >> substring. The example given is > >> > >> ,[ ] > >> if ($data =~ /^([...@\w.]+)$/) { > >> $data

Re: Opening a pipe when taint mode is enabled

2009-01-10 Thread Gunnar Hjalmarsson
Adam Jimerson wrote: I attached my code for my program, You don't say what to do if the untainting fails. This code: if ($name =~ /^([...@\w.]+)$/) { $name = $1; }; should better be: if ($name =~ /^([...@\w.]+)$/) { $name = $1;

Re: Opening a pipe when taint mode is enabled (was: Send email using SMTP)

2009-01-10 Thread Adam Jimerson
Gunnar Hjalmarsson wrote: > Adam Jimerson wrote: >> >> According to perlsec I need to use it as a key in a hash or reference a >> substring. The example given is >> >> ,[ ] >> if ($data =~ /^([...@\w.]+)$/) { >> $data = $1; # $data now untainted >> } else { >> die "Bad data in '$data'";

Opening a pipe when taint mode is enabled (was: Send email using SMTP)

2009-01-09 Thread Gunnar Hjalmarsson
Adam Jimerson wrote: Gunnar Hjalmarsson wrote: There is only one suspected variable to consider, i.e. $name, which is probably tainted. Untaint it, and you are done. ( You remember where to find out how, right? ;-) ) According to perlsec I need to use it as a key in a hash or reference a sub

Taint mode question

2005-12-09 Thread pcbcad
Setup: Perl 5.8, WinXP I have created the code below to test Taint mode. The testapp.exe program is actually the standard Windows "attrib.exe" but renamed and placed in my CWD. The program as it is below works as expected, however if I swap the comments on the two $ENV{'PAT

RE: Taint mode trouble

2004-02-14 Thread Jan Eden
Charles K. Clarkson wrote: > Try: > >$q->param('jahr', ); >my ($jahr) = $q->param('jahr') =~ /\d{4}/; >print $jahr; > >-- >prints: >1 >-- > >Now try it this way: > >$q->param('jahr', ); >( my $jahr = $q->param('jahr') ) =~ /\d{4}/; >print $jahr; > >-- >prints: > Wait a second

Re: Taint mode trouble

2004-02-14 Thread Jan Eden
Jan Eden wrote: >Hi all, > >I finally decided to use the taint mode in all my CGI scripts. But I >experience a strange problem. The following two lines read a file >depending on the parameter 'jahr': > >my ($jahr) = $q->param('jahr'); my %monate = %{do

Taint mode trouble

2004-02-14 Thread Jan Eden
Hi all, I finally decided to use the taint mode in all my CGI scripts. But I experience a strange problem. The following two lines read a file depending on the parameter 'jahr': my ($jahr) = $q->param('jahr'); my %monate = %{do $jahr} or die $!; This worked. Now, with t

Re: taint mode

2003-01-10 Thread William McKee
> since I removed all unwanted files from the array @files earlier while > reading the directory contents, I simply changed: > $file =~ /^(\w\.)+$/; > to > $file =~ /^(.+)$/; > and it works Glad you were able to get it working. Unfortunately, the regex you have chosen is effectively bypassing

Re: taint mode

2003-01-10 Thread Alex Blum
now, that is, what I call help! thank you very MUCH since I removed all unwanted files from the array @files earlier while reading the directory contents, I simply changed: $file =~ /^(\w\.)+$/; to $file =~ /^(.+)$/; and it works and again, thank you for taking your time to respond and e

Re: taint mode

2003-01-10 Thread William McKee
On (09/01/03 17:35), Alex Blum wrote: > ok. there's two options: > 2. I fix this. Good choice! > can someone help me please? I'm stuck with this, and don't know, how to > solve the problem. just in case: I did read the > "Chapter 23. Security" of programming perl (3rd edition) and still don't > k

Re: taint mode

2003-01-09 Thread Wiggins d'Anconia
e. I have this problem: there's a script, that runs just fine, until it dives into a subroutine, where it is supposed to chmod() and chown() a bunch of files - but fails miserably because of the taint mode... ok. there's two options: 1. I'm lazy and don't care much about

taint mode

2003-01-09 Thread Alex Blum
hi there. I have this problem: there's a script, that runs just fine, until it dives into a subroutine, where it is supposed to chmod() and chown() a bunch of files - but fails miserably because of the taint mode... ok. there's two options: 1. I'm lazy and don't care muc

Taint mode and redirect with cookie

2002-08-29 Thread Alex Agerholm
Hi, I have 2 questions: 1) I am developing some Perl code under Windows 2000. If I write !c:\perl\bin\perl -wT in the first line, I get the error "too late for -T option". What does that mean? 2) When I make a print redirect(-uri=>xxx.cgi, -cookie=>$cookie); then my xxx.cgi script does not get th

Re: Taint Mode

2002-04-04 Thread Kevin Meltzer
Hi Andrew, Please read the perlsec man page (perldoc perlsec) to learn about -T. If something still isn't clear, ask for some clarification. @INC is an array Perl uses to hold a list of directories which it will search for modules which are 'use'-ed or 'require'-ed. perl -wle 'print $_ . "\n"

Taint Mode

2002-04-03 Thread Andrew Rosolino
What does the -T Switch do? Please explain as you would to a newbie, watch the fancy words. also, what is perl's search path & @INC? Thank You, Andrew

Re: Please, please help with taint mode problems!

2001-07-29 Thread Lisa Nyman
llowing me to modify files or make the call to > sendmail; but the documentation is very sparse, and I'm running out of > ideas. Anyone have advice? Thanks! Along with untainting variables, Taint mode requires you set the PATH variable, in this case to sendmail. You can't just u

Re: Please, please help with taint mode problems!

2001-07-27 Thread Curtis Poe
--- Bill Barrett <[EMAIL PROTECTED]> wrote: > I really want to keep -T to keep my script completely safe, > but I simply cannot get the script to completely execute. I am driving > myself crazy because I don't want to cop out and delete the -T. > > I think I'm properly untainting my form variable

Please, please help with taint mode problems!

2001-07-26 Thread Bill Barrett
I really want to keep -T to keep my script completely safe, but I simply cannot get the script to completely execute. I am driving myself crazy because I don't want to cop out and delete the -T. I think I'm properly untainting my form variables (I've tried various ways - this is one of them): my

taint mode problems

2001-07-25 Thread Bill Barrett
I really really want to keep -T in my shebang to keep my script safe, but I simply cannot get the script to work properly. I am driving myself crazy because I don't want to cop out and delete the -T. I collect about 10 pieces of data from a form, store them into variables, and then match them to